Unexpected memory consumption during token parsing in golang.org/x/oauth2

Overview

Source
ID
GO-2025-3488
Aliases
CVE-2025-22868
Affected package

Description

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Impact

Reference links

Summary

93.61k
Total packages affected
Packages with at least one version that is affected by the advisory or has an affected dependency.
2.10k
Packages with a known fix
Packages with versions affected by the advisory that have a greater version that is not affected.
6.97%
Total ecosystem affected
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
golang.org/x/oauth2
Affected Version: Introduced: 0, Fixed: 0.27.0
Affected
v0.24.0
v0.23.1-0.20241101182912-22134a41033e
v0.23.0
v0.22.1-0.20240806161029-b52af7d5b4e3
v0.22.0
v0.21.0
v0.20.0
v0.19.0
v0.18.0
v0.17.0
v0.16.0
v0.15.0
v0.14.0
v0.13.0
v0.12.1-0.20230922215139-14b275c918cf
v0.12.1-0.20230907174942-55cd552a3654
v0.12.0
v0.11.0
v0.10.0
v0.9.0
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.4.0
v0.3.0
v0.2.1-0.20221117220629-ec4a9b2ff231
v0.2.0
v0.1.0
v0.0.0-20221014153046-6fdb5e3db783
v0.0.0-20221006150949-b44042a4b9c1
v0.0.0-20220909003341-f21342109be1
v0.0.0-20220822191816-0ebed06d0094
v0.0.0-20220808172628-8227340efae7
v0.0.0-20220722155238-128564f6959c
v0.0.0-20220718184931-c8730f7fcb92
v0.0.0-20220630143837-2104d58473e0
v0.0.0-20220628200809-02e64fa58f26
v0.0.0-20220622183110-fd043fe589d2
v0.0.0-20220608161450-d0670ef3b1eb
v0.0.0-20220524215830-622c5d57e401
v0.0.0-20220411215720-9780585627b5
v0.0.0-20220309155454-6242fa91716a
v0.0.0-20220223155221-ee480838109b
v0.0.0-20211104180415-d3ed0bb246c8
v0.0.0-20211028175245-ba495a64dcb5
v0.0.0-20211005180243-6b3c2da341f1
v0.0.0-20210819190943-2bc19b11175f
v0.0.0-20210817223510-7df4dd6e12ab
v0.0.0-20210810183815-faf39c7919d5
v0.0.0-20210805134026-6f1e6394065a
v0.0.0-20210628180205-a41e5a781914
v0.0.0-20210622215436-a8dc77f794b6
v0.0.0-20210622190553-bce0382f6c22
v0.0.0-20210615190721-d04028783cf1
v0.0.0-20210514164344-f6687ab2804c
v0.0.0-20210427180440-81ed05c6b58c
v0.0.0-20210413134643-5e61552d6c78
v0.0.0-20210402161424-2e8d93401602
v0.0.0-20210323180902-22b0adad7558
v0.0.0-20210313182246-cd4f82c27b84
v0.0.0-20210311163135-5366d9dc1934
v0.0.0-20210220000619-9bb904979d93
v0.0.0-20210218202405-ba52d332ba99
v0.0.0-20210216194517-16ff1888fd2e
v0.0.0-20210210192628-66670185b0cd
v0.0.0-20210201163806-010130855d6c
v0.0.0-20210126194326-f9ce19ea3013
v0.0.0-20210125201302-af13f521f196
v0.0.0-20210113205817-d3ed898aa8a3
v0.0.0-20210113160501-8b1d76fa0423
v0.0.0-20210112200429-01de73cf58bd
v0.0.0-20201208152858-08078c50e5b5
v0.0.0-20201207163604-931764155e3f
v0.0.0-20201203001011-0b49973bad19
v0.0.0-20201109201403-9fd604954f58
v0.0.0-20200902213428-5d25da1a8d43
v0.0.0-20200107190931-bf48bf16ab8d
v0.0.0-20200107160858-eca82077e2d1
v0.0.0-20191202225959-858c2ad4c8b6
v0.0.0-20191122200657-5d9234df094c
v0.0.0-20190604053449-0f29369cfe45
v0.0.0-20190523182746-aaccbc9213b0
v0.0.0-20190517181255-950ef44c6e07
v0.0.0-20190402181905-9f3314589c9a
v0.0.0-20190319182350-c85d3e98c914
v0.0.0-20190226205417-e64efc72b421
v0.0.0-20190226191147-529b322ea346
v0.0.0-20190220154721-9b3c75971fc9
v0.0.0-20190219183015-4b83411ed2b3
v0.0.0-20190212230446-3e8b2be13635
v0.0.0-20190211225200-5f6b76b7c9dd
v0.0.0-20190130055435-99b60b757ec1
v0.0.0-20190115181402-5dab4167f31c
v0.0.0-20190111185915-36a7019397c4
v0.0.0-20190110195249-fd3eaa146cbb
v0.0.0-20181203162652-d668ce993890
v0.0.0-20181128211412-28207608b838
v0.0.0-20181120190819-8f65e3013eba
v0.0.0-20181106182150-f42d05182288
v0.0.0-20181105165119-ca4130e427c7
v0.0.0-20181102170140-232e45548389
v0.0.0-20181102003913-e0f2c55a7fc7
v0.0.0-20181101160152-c453e0c75759
v0.0.0-20181031022657-8527f56f7107
v0.0.0-20181017192945-9dcd33a902f4
v0.0.0-20181003184128-c57b0facaced
v0.0.0-20180821212333-d2e6202438be
v0.0.0-20180820191322-f720f1faee02
v0.0.0-20180724155351-3d292e4d0cdc
v0.0.0-20180620175406-ef147856a6dd
v0.0.0-20180603041954-1e0a3fa8ba9a
v0.0.0-20180529203656-ec22f46f877b
v0.0.0-20180528195736-8373c646843f
v0.0.0-20180523224158-770e5ebd4ab2
v0.0.0-20180521191639-dd5f5d8e78ce
v0.0.0-20180503012634-cdc340f7c179
v0.0.0-20180416194528-6881fee410a5
v0.0.0-20180402223937-921ae394b943
v0.0.0-20180314180239-fdc9e635145a
v0.0.0-20180312235849-7af32f14d0a2
v0.0.0-20180228173056-2f32c3ac0fa4
v0.0.0-20180227000427-d7d64896b5ff
v0.0.0-20180207181906-543e37812f10
v0.0.0-20180126164932-a032972e2806
v0.0.0-20180118004544-b28fcf2b08a1
v0.0.0-20180104230036-30785a2c434e
v0.0.0-20180103155054-876b1c6ee618
v0.0.0-20171226133531-197281d4e0ec
v0.0.0-20171219020721-0448841f0cbe
v0.0.0-20171215004936-dfbc86644130
v0.0.0-20171212205436-00dc70155e4c
v0.0.0-20171206205713-6a2004c8907a
v0.0.0-20171205225816-ea8c6730ed5b
v0.0.0-20171117235251-f95fa95eaa93
v0.0.0-20171106152852-9ff8ebcc8e24
v0.0.0-20170928010508-bb50c06baba3
v0.0.0-20170912212905-13449ad91cb2
v0.0.0-20170901193052-d89af98d7c6b
v0.0.0-20170807180024-9a379c6b3e95
v0.0.0-20170802155448-96fca6c793ec
v0.0.0-20170719200132-b53b38ad8a64
v0.0.0-20170629190718-cce311a261e6
v0.0.0-20170629032740-5432cc9688e6
v0.0.0-20170517174439-f047394b6d14
v0.0.0-20170510215623-ad516a297a9f
v0.0.0-20170412232759-a6bd8cefa181
v0.0.0-20170321013421-7fdf09982454
v0.0.0-20170313201147-1611bb46e67a
v0.0.0-20170302202304-efb10a30610e
v0.0.0-20170227162313-810daf0509f8
v0.0.0-20170214231824-b9780ec78894
v0.0.0-20170209002143-de0725b330ab
v0.0.0-20170207211851-4464e7848382
v0.0.0-20161219192954-314dd2c0bf3e
v0.0.0-20161107203327-d5040cddfc0d
v0.0.0-20161007180002-1e695b1c8feb
v0.0.0-20160902055913-3c3a985cb79f
v0.0.0-20160817163101-3b966c7f301c
v0.0.0-20160810173516-4784bb855e56
v0.0.0-20160801214932-0aec23fa6269
v0.0.0-20160718223228-08c8d727d239
v0.0.0-20160706231941-7357e9616842
v0.0.0-20160702010809-df5b72659a3b
v0.0.0-20160608215109-65a8d08c6292
v0.0.0-20160428204544-9ef2eddcc677
v0.0.0-20160415165716-7e9cd5d59563
v0.0.0-20160304213135-045497edb623
v0.0.0-20160121061903-8a57ed94ffd4
v0.0.0-20151117210313-442624c9ec92
v0.0.0-20151109224455-3314c49c831b
v0.0.0-20150902214911-ad0128250e8f
v0.0.0-20150527205432-b5adcc2dcdf0
v0.0.0-20150325020022-11c60b6f71a6
v0.0.0-20150117185133-95a9f97e5176